From: Laine Stump Date: Thu, 24 Jun 2010 21:58:59 +0000 (-0400) Subject: Set proper selinux label on image file during qemu domain restore X-Git-Tag: v0.8.2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=590c9c9acf79e34464dcc578730e0398901f7b13;p=thirdparty%2Flibvirt.git Set proper selinux label on image file during qemu domain restore Also restore the label to its original value after qemu is finished with the file. Prior to this patch, qemu domain restore did not function properly if selinux was set to enforce. --- diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 6ae4e8c688..acbec7a525 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6268,7 +6268,6 @@ error: return -1; } -/* TODO: check seclabel restore */ static int ATTRIBUTE_NONNULL(6) qemudDomainSaveImageStartVM(virConnectPtr conn, struct qemud_driver *driver, @@ -6380,6 +6379,11 @@ qemudDomainSaveImageStartVM(virConnectPtr conn, ret = 0; out: + if (driver->securityDriver && + driver->securityDriver->domainRestoreSavedStateLabel && + driver->securityDriver->domainRestoreSavedStateLabel(vm, path) == -1) + VIR_WARN("failed to restore save state label on %s", path); + return ret; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index d4e2edbe1f..e5eef196d1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -972,7 +972,7 @@ SELinuxSetSecurityChardevCallback(virDomainDefPtr def ATTRIBUTE_UNUSED, static int -SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED) +SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path) { const virSecurityLabelDefPtr secdef = &vm->def->seclabel; int i; @@ -1009,6 +1009,10 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_ SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0) return -1; + if (stdin_path && + SELinuxSetFilecon(stdin_path, default_content_context) < 0) + return -1; + return 0; }